Regulatory Profiles

The federal government recently rolled out a comprehensive regulation updating the privacy and security protections for health information established under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The final omnibus rule establishes new patient rights to health information and buttresses the government's ability to enforce the law.

Several of the changes in the final rule provide the public with increased protection and control of personal health information. Existing HIPAA Privacy and Security Rules focused on health care providers, health plans, and other entities that process health insurance claims. The changes expand many of the requirements to business associates of these entities that receive protected health information, such as contractors and subcontractors. The Department of Health and Human Services (HHS) noted that some of the largest breaches reported to HHS have involved such business associates.

The final rule also raises penalties for noncompliance based on the level of negligence with a maximum penalty of $1.5 million per violation. The changes strengthen the Health Information Technology for Economic and Clinical Health (HITECH) Breach Notification requirements by clarifying when breaches of unsecured health information must be reported to HHS.

Individual rights are expanded in several ways. Providers must offer patients a copy of their electronic medical record in an electronic format if requested, and if individuals pay by cash they can instruct their provider not to share information about their treatment with their health plan. The final rule also sets new limits on how information is used and disclosed for marketing and fundraising purposes, and prohibits the sale of health information without patient permission.

Reimbursement for molecular tests is taking a hit under the new coding scheme that took effect in January. The Centers for Medicare and Medicaid Services (CMS) shocked the lab community at the end of 2012 when it announced that each local contractor would have to develop its own prices for molecular tests, rather than carry over existing reimbursement for the new codes (CLN 2013 Jan;39). The new codes replace the so-called stacked codes that paid for individual steps in molecular tests but did little to discriminate one test from another, leaving payers clueless about which tests they were paying for.

Many diagnostic companies and labs supported the switch to the updated codes, but now face steep cuts to some tests as local contractors scramble to figure out their own pricing. Initial analyses from financial analysts at Piper Jaffray and Deutsche Bank found that prices from the first contractor to go public, Palmetto GBA, are down more than 20% on average compared to last year under the old codes.

Some cuts are even deeper. For example, Palmetto priced KRAS gene mutation testing, a pharmacogenomics test used to guide therapy for colorectal cancer, at $226—a 75% cut from the $911 reimbursement the lab received under the old stacked code system.

Local pricing from contractors will not be the final word, however. By June 30, CMS plans to take an average of all contractors' prices for each code to set a final, maximum price, called the national limitation amount. Before this happens, laboratorians should watch for the agency to post each contractor's prices by April 30, after which a 60-day comment period will follow.

More information on the Palmetto price list is available from the company's MolDx program page on its website.

Proposed Rule Expands Discretion on PT Referral

A proposed rule would give the Centers for Medicare and Medicaid Services (CMS) even more flexibility in how cases of proficiency testing (PT) referrals are handled. Part of a large proposal by the Department of Health and Human Services to eliminate unnecessary or burdensome regulations requested by President Obama, the proposed rule implements and expands upon the Taking Essential Steps for Testing (TEST) Act, which became law on December 4, 2012. TEST fixed automatic penalties for labs that refer a proficiency testing (PT) specimen unintentionally to an outside lab and gave CMS more flexibility in how to punish offenders.

The proposed rule would go a little further than TEST, in an effort to prevent confusion and reduce the risk of noncompliance, according to CMS. CMS proposes clarifying some of the confusing language in current regulations by, for example, adding a statement noting that the requirement to "treat PT samples in the same manner as patient specimens" does not mean that it is acceptable to refer PT samples to another lab for testing even if that is the protocol for patient specimens.

CMS is also proposing to "carve out a narrow exception" in its long-standing interpretation of what constitutes an intentional referral of PT samples, following the spirit of TEST. In these instances, the lab would be subject to alternate sanctions. To add clarity, CMS would better articulate its definitions of reflex testing, confirmatory testing, and repeat PT referral.

The proposed regulation is available from the Federal Registerwebsite.